JS static analysis projects

Taras was reflecting on his attempts to build community around static analysis tools for open source software. Taras has built some impressive tools for analyzing our massive C++ codebase at Mozilla, and has brought static analysis into the Mozilla lexicon. Lately, our research group has been carrying the torch by creating new tools for analyzing JavaScript.

Last summer, our research intern Dimitris Vardoulakis built Doctor JS, a static analysis for JavaScript based on Dimitris’s award-winning CFA2 algorithm. Our first uses of Doctor JS were a type inference service and js-ctags, which generates output that IDEs can use for auto-completion.

This summer, we’re starting more projects with Doctor JS. With the help of Dimitris and our intern Rezwana Karim, we’re investigating event listener registration patterns in Firefox addons to test for compatibility issues with Electrolysis. Another intern, Vineeth Kashyap, is modifying Doctor JS to do static taint tracking as a way of doing security analyses for leaking chrome-privilege data into content-privilege code.
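As an added illustration of the chrome-to-content taint tracking described above (example code, not Doctor JS or Mozilla code): a minimal forward taint pass over a hand-built, ESTree-like AST for straight-line code. The source and sink names (chromeWindow, Components, sendToContent) are assumptions made for the example; the real analysis works on CFA2's interprocedural results rather than a single statement list.

```javascript
// Added example, not Doctor JS code: forward taint propagation over a constructed,
// ESTree-like AST. SOURCES (chrome-privileged values) and SINKS (calls that hand
// data to content-privileged code) are hypothetical names chosen for illustration.
const SOURCES = new Set(["chromeWindow", "Components"]);
const SINKS = new Set(["sendToContent"]);

// Does this expression's value derive from a source or an already-tainted variable?
function isTainted(e, env) {
  switch (e.type) {
    case "Identifier": return SOURCES.has(e.name) || env.has(e.name);
    case "MemberExpression": return isTainted(e.object, env);
    case "BinaryExpression": return isTainted(e.left, env) || isTainted(e.right, env);
    case "CallExpression": return isTainted(e.callee, env) || e.arguments.some(a => isTainted(a, env));
    default: return false; // Literal and any unmodelled node: treated as clean
  }
}

// Walk straight-line statements, tracking which variables currently hold tainted
// values (a reassignment to clean data clears taint), and report tainted sink arguments.
function findLeaks(body) {
  const env = new Set(), findings = [];
  const bind = (name, init) => (init && isTainted(init, env)) ? env.add(name) : env.delete(name);
  for (const stmt of body) {
    const e = stmt.expression;
    if (stmt.type === "VariableDeclaration") stmt.declarations.forEach(d => bind(d.id.name, d.init));
    else if (e && e.type === "AssignmentExpression" && e.left.type === "Identifier") bind(e.left.name, e.right);
    else if (e && e.type === "CallExpression" && SINKS.has(e.callee.name))
      e.arguments.forEach((a, i) => { if (isTainted(a, env)) findings.push({ line: stmt.line, sink: e.callee.name, arg: i }); });
  }
  return findings;
}

// Constructed AST for:  var secret = chromeWindow.location;  var greeting = "hi";
//   sendToContent(greeting);  sendToContent(secret + greeting);  secret = "";  sendToContent(secret);
const id = n => ({ type: "Identifier", name: n });
const call = (f, args) => ({ type: "CallExpression", callee: id(f), arguments: args });
const SAMPLE = [
  { type: "VariableDeclaration", line: 1, declarations: [{ id: id("secret"),
      init: { type: "MemberExpression", object: id("chromeWindow"), property: id("location") } }] },
  { type: "VariableDeclaration", line: 2, declarations: [{ id: id("greeting"), init: { type: "Literal", value: "hi" } }] },
  { type: "ExpressionStatement", line: 3, expression: call("sendToContent", [id("greeting")]) },
  { type: "ExpressionStatement", line: 4, expression: call("sendToContent",
      [{ type: "BinaryExpression", operator: "+", left: id("secret"), right: id("greeting") }]) },
  { type: "ExpressionStatement", line: 5, expression: { type: "AssignmentExpression", operator: "=",
      left: id("secret"), right: { type: "Literal", value: "" } } },
  { type: "ExpressionStatement", line: 6, expression: call("sendToContent", [id("secret")]) },
];
```

Running `findLeaks(SAMPLE)` reports only the call on line 4; line 3 passes clean data and line 6 runs after `secret` was overwritten with a literal.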

I’d like Doctor JS to get to a point where it’s more scriptable—a “semantic grep” tool like Dehydra. I’m sure we’ll crib some notes from Taras’s work. But for a first step we’re just going to adapt the tool as needed to the specific applications we’re using it for. Hopefully this will give us a better feel for how to generalize it down the road to be more user-extensible.